-
Vulnerability Information

Vulnerability name: GdkPixbuf Unspecified Bitmap Handling Denial of Service Vulnerability

Severity: Medium

Vulnerability type: Unknown

Publication date: 2004-04-15 00:00:00

Update date: 2005-05-13 00:00:00

Attack vector: Remote

Details:

gdk-pixbuf versions prior to 0.20 contain a vulnerability. An attacker can cause a denial of service (crash) via a malformed bitmap (BMP) file.

-
Advisories and Patches

Red Hat has released an advisory RHSA-2004:103-05 and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may employ the up2date utility to retrieve appropriate fixes; further information can be found in the referenced advisory.

Red Hat has released an advisory RHSA-2004:102-01 and fixes to address this issue in various Red Hat Linux operating systems. Please see the referenced advisory for more information.

Mandrake has released an advisory MDKSA-2004:020 to address this issue in corporate products. Please see the referenced advisory for more information.

Debian has released advisory DSA 464-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

SGI ProPack Patch 10062 is available. Please see advisory 20040303-01-U for further details.

RedHat Fedora Legacy has released advisory FLSA:2005 to address this issue for RedHat Linux 7.3 and 9. Please see the referenced advisory for details on obtaining and applying fixes.

RedHat gdk-pixbuf-gnome-0.18.0-7.i386.rpm

-
Vulnerability Description

GdkPixbuf contains a flaw that may allow a denial of service. The issue is triggered when parsing BMP images containing a "bfOffBits" field having an extremely large value, and will result in loss of availability for the application linked against the library.
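The flaw described above is the class of bug that a bounds check on bfOffBits prevents: the offset is taken from the file and must be validated against the data actually read before it is used. The following C program is an added illustration and is not gdk-pixbuf's own loader code. It parses the 14-byte BITMAPFILEHEADER and the biSize field of the following info header (field layout as in the BMP format), rejects any pixel-data offset that falls inside the headers or beyond the end of the buffer, and exercises itself on constructed sample headers; all function and type names are the example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not gdk-pixbuf code: a minimal BMP header parser that
 * validates bfOffBits against the real buffer length before the offset is
 * ever added to a pointer or used as a seek target. */

#define BMP_FILE_HEADER_SIZE 14   /* BITMAPFILEHEADER is always 14 bytes */
#define BMP_INFO_HEADER_SIZE 40   /* BITMAPINFOHEADER, used by the sample */

typedef struct {
    uint32_t file_size;  /* bfSize */
    uint32_t off_bits;   /* bfOffBits: byte offset of the pixel array */
    uint32_t info_size;  /* biSize: length of the info header at offset 14 */
} bmp_file_header;

/* BMP fields are little-endian; read/write them byte-wise for portability. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void write_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void write_le16(uint8_t *p, uint16_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
}

/* Parse the file header. Returns 0 on success or a negative code:
 * -1 buffer too short, -2 bad magic, -5 implausible biSize,
 * -3 bfOffBits points inside the headers, -4 bfOffBits at/after buffer end. */
int bmp_parse_file_header(const uint8_t *buf, size_t len, bmp_file_header *out) {
    size_t headers_end;
    if (buf == NULL || out == NULL || len < BMP_FILE_HEADER_SIZE + 4) return -1;
    if (buf[0] != 'B' || buf[1] != 'M') return -2;
    out->file_size = read_le32(buf + 2);
    out->off_bits  = read_le32(buf + 10);
    out->info_size = read_le32(buf + 14);
    /* biSize must itself fit in the buffer; checking it first also keeps the
     * addition below from overflowing. 12 is the smallest BMP info header. */
    if (out->info_size < 12 || out->info_size > len - BMP_FILE_HEADER_SIZE) return -5;
    headers_end = BMP_FILE_HEADER_SIZE + (size_t)out->info_size;
    /* The pixel array cannot start before the headers end ... */
    if (out->off_bits < headers_end) return -3;
    /* ... and must lie inside the data actually read: an extremely large
     * bfOffBits is rejected here instead of being turned into a pointer. */
    if (out->off_bits >= len) return -4;
    return 0;
}

/* Locate the pixel array. Returns NULL if the header is rejected; otherwise
 * *avail receives the number of bytes available from the offset onward. */
const uint8_t *bmp_pixel_data(const uint8_t *buf, size_t len, size_t *avail) {
    bmp_file_header h;
    if (bmp_parse_file_header(buf, len, &h) != 0) return NULL;
    *avail = len - h.off_bits;
    return buf + h.off_bits;
}

/* Build a constructed 1x1 24-bit BMP (58 bytes) with the given bfOffBits so
 * the checks can be exercised without a file on disk. Returns bytes written. */
size_t build_sample_bmp(uint8_t *out, size_t cap, uint32_t off_bits) {
    const size_t total = BMP_FILE_HEADER_SIZE + BMP_INFO_HEADER_SIZE + 4;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[0] = 'B'; out[1] = 'M';
    write_le32(out + 2, (uint32_t)total);       /* bfSize */
    write_le32(out + 10, off_bits);             /* bfOffBits */
    write_le32(out + 14, BMP_INFO_HEADER_SIZE); /* biSize */
    write_le32(out + 18, 1);                    /* biWidth */
    write_le32(out + 22, 1);                    /* biHeight */
    write_le16(out + 26, 1);                    /* biPlanes */
    write_le16(out + 28, 24);                   /* biBitCount */
    /* 3 pixel bytes + 1 row-padding byte follow at offset 54 (left zero) */
    return total;
}

/* Parse result code for a constructed sample carrying this bfOffBits. */
int sample_header_status(uint32_t off_bits) {
    uint8_t buf[64];
    bmp_file_header h;
    size_t n = build_sample_bmp(buf, sizeof buf, off_bits);
    return bmp_parse_file_header(buf, n, &h);
}

/* 1 if the sample's pixel array is located, 0 if the header is rejected. */
int sample_is_accepted(uint32_t off_bits) {
    uint8_t buf[64];
    size_t avail = 0;
    size_t n = build_sample_bmp(buf, sizeof buf, off_bits);
    return bmp_pixel_data(buf, n, &avail) != NULL;
}

int main(void) {
    printf("bfOffBits=54 (well-formed):  %d\n", sample_header_status(54));
    printf("bfOffBits=53 (in header):    %d\n", sample_header_status(53));
    printf("bfOffBits=58 (past end):     %d\n", sample_header_status(58));
    printf("bfOffBits=0xFFFFFFF0 (huge): %d\n", sample_header_status(0xFFFFFFF0u));
    return 0;
}
```

The order of the checks matters: biSize is validated against the buffer before it is added to the fixed header length, so the sum cannot wrap, and bfOffBits is compared with the number of bytes actually read rather than with the self-declared bfSize, which is just as attacker-controlled as the offset itself.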

-
Timeline

Disclosure date:
2004-03-10

Discovery date:
2004-02-17

Exploit date: Unknown

Fix date: Unknown

-
Solution

Upgrade to version 0.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

-
Vulnerability Discussion

The GdkPixbuf library has been reported prone to an unspecified denial of service vulnerability. This issue is reported to cause the Evolution email client to crash when a malicious Bitmap file is handled. Other applications that rely on the library may be similarly affected.

-
Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
